Galileo Systems Group, Premier IT solutions and support.


July 13, 2016 by Lance Gibb

IT Defense in Depth Part II


In our last blog post, we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy”.

Here are some ways hackers exploit human foibles:

  • Guessing or brute-force solving passwords
  • Tricking employees into opening compromised emails or visiting compromised websites
  • Tricking employees into divulging sensitive information

For the human layer, you need to:

  • Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  • Train your employees on best practices every 6 months
  • Provide incentives for security-conscious behavior
  • Distribute sensitive information on a need-to-know basis
  • Require two or more individuals to sign off on any transfers of funds
  • Watch for suspicious behavior

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:

  • Spam emails or compromised sites
  • “Drive by” downloads, etc.

To protect against malware:

  • Don’t use business devices on an unsecured network.
  • Don’t allow foreign devices to access your Wi-Fi network.
  • Use firewalls to protect your network.
  • Make sure your Wi-Fi network is encrypted.
  • Use antivirus software and keep it updated. Although it is not the be-all and end-all of security, it will protect you from the most common viruses and help you to notice irregularities.
  • Use programs that detect suspicious software behavior.

The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there are 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices:

  • Traditional malware
  • Malicious apps
  • Network threats

To protect your mobile devices you can:

  • Use secure passwords
  • Use encryption
  • Use reputable security apps
  • Enable remote wipe options.

Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, an IT defense-in-depth policy needs a single person who is able to monitor each layer for suspicious activity and respond accordingly.
